Send logs to Loki

A simple guide to send logs to Loki in just a few minutes.
type: tutorialdomain: sinkssink: loki

Logs are an essential part of observing any service; without them you are flying blind. But collecting and analyzing them can be a real challenge -- especially at scale. Not only do you need to solve the basic task of collecting your logs, but you must do it in a reliable, performant, and robust manner. Nothing is more frustrating than having your logs pipeline fall on it's face during an outage, or even worse, disrupt more important services!

Fear not! In this guide we'll show you how to send send logs to Loki and build a logs pipeline that will be the backbone of your observability strategy.

Background

What is Loki?

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

Strategy

How This Guide Works

We'll be using Vector to accomplish this task. Vector is a popular open-source utility for building observability pipelines. It's written in Rust, making it lightweight, ultra-fast and highly reliable. And we'll be deploying Vector as a daemon.

The daemon deployment strategy is designed for data collection on a single host. Vector runs in the background, in its own process, collecting all data for that host. Typically data is collected from a process manager, such as Journald via Vector's journald source, but can be collected through any of Vector's sources. The following diagram demonstrates how it works.

Vector daemon deployment strategyVector daemon deployment strategy
1. Your service logs to STDOUT
STDOUT follows the 12 factor principles.
2. STDOUT is captured
STDOUT is captured by your platform.
3. Vector collects & fans-out data
Vector will send structured logs to the Loki logging service.

What We'll Accomplish

To be clear, here's everything we'll accomplish in this short guide:

  • Collect your logs from one or more sources
  • Send structured logs to the Loki logging service.
    • Batch data to maximize throughput.
    • Set custom labels to be added to all log data.
    • Automatically retry failed requests, with backoff.
    • Buffer your data in-memory or on-disk for performance and durability.
  • All in just a few minutes!

Tutorial

  1. Install Vector

    curl --proto '=https' --tlsv1.2 -sSf https://sh.vector.dev | sh
    explain this command

    Or choose your preferred method.

  2. Configure Vector

    cat <<-VECTORCFG > vector.toml
    [sources.in]
    include = ["/var/log/nginx/*.log"] # required
    type = "file" # required
    [sinks.out]
    # General
    endpoint = "http://localhost:3100" # required
    inputs = ["in"] # required
    type = "loki" # required
    # Labels
    labels.key = "value" # example
    labels.key = "{{ event_field }}" # example
    VECTORCFG
    explain this command
  3. Start Vector

    vector --config vector.toml

    That's it! Simple and to the point. Hit ctrl+c to exit.

Next Steps

Vector is powerful utility and we're just scratching the surface in this guide. Here are a few pages we recommend that demonstrate the power and flexibility of Vector:

Vector Github repo 4k
Vector is free and open-source!
Vector getting started series
Go from zero to production in under 10 minutes!
Vector documentation
Thoughtful, detailed docs that respect your time.